Red Hat Bugzilla – Bug 162899
CVE-2002-1903 pine username disclosure issue
Last modified: 2012-08-19 03:47:20 EDT
This text is taken from here:
From: Roger Marquis
The Pine email client allows users to define the "From:"
address independent of their Unix username. This is an
indispensable feature for help desks and other role accounts.
Unfortunately, user names and/or ids can still be leaked due to
Pine's insertion of "Sender:" and/or "X-Sender:" headers. Pine
versions earlier than 4.44 may also insert the Unix username
into other envelope and header fields.
That message also contains a patch for this issue.
This is a debatable security issue: it's the way many mailers worked, it was
documented behaviour, and is of minimal security consequence. It's not worth
issuing a security update for RHEL2.1 to correct this issue. wontfix.
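
A check for the header leak described in the report above, as an added example that is not part of the bug report, the referenced patch, or Pine itself: it flags `Sender:`/`X-Sender:` addresses that differ from `From:`. The sample message, host names, account name and the function name `find_identity_leaks` are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: a role-account message carrying the extra headers
# the report describes. All names and hosts are made up.
SAMPLE = """\
From: Help Desk <helpdesk@example.org>
Sender: jdoe@mail01.example.org
X-Sender: jdoe@mail01.example.org
To: customer@example.net
Subject: Re: your ticket

Hello.
"""

# The two headers named in the report.
IDENTITY_HEADERS = {"sender", "x-sender"}


def find_identity_leaks(raw, local_user=None):
    """Return (header, address) pairs exposing an identity other than From:.

    local_user is optional (an assumption of this example): when given,
    every header is also searched for an address whose local part equals
    that account name, to cover fields beyond Sender:/X-Sender:.
    """
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    wanted = local_user.lower() if local_user else None
    leaks = []
    for name, value in msg.items():
        for _, addr in getaddresses([value]):
            addr = addr.lower()
            # Skip unparsable values and the chosen From: address itself.
            if "@" not in addr or addr == from_addr:
                continue
            if name.lower() in IDENTITY_HEADERS:
                leaks.append((name, addr))
            elif wanted and addr.split("@", 1)[0] == wanted:
                leaks.append((name, addr))
    return leaks


if __name__ == "__main__":
    for header, address in find_identity_leaks(SAMPLE):
        print(f"{header}: exposes {address}")
```

Run it against a message saved from the outbound queue or a test mailbox to confirm whether a given client build still adds these headers.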